This website has been translated by machine translation software and has not been subsequently revised by translators. Further information at: link. Hide
the accesskey _ mod _ content

Auditoría de Seguridad de los Sistemas de Información -Reglamento General de Protección de Datos

  • Summary:
    Is an application that enables the organization to keep a record of activities of processing of personal data as well as to facilitate the implementation of the rest of obligations of the General regulation of data protection (RGPD) and Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD), including the realization of risk analysis of treatment for the rights and freedoms of individuals, and, in its case, the impact assessment of processing operations in the protection of personal data. This is based on a series of questionnaires carefully made that each Responsible for Treatment of personal data must be completed on treatments under its responsibility.
    Target audience:
    Any Public Administration
    Agencies Responsible:
    Labour ministry, migrations and Social security
    Branch of work, migrations and Social security
    S.G. Technologies of the information and communications
    Installable product

    Type of Solution:
    Status of the Solution:
    Organic Area:
    Technical Area:
    Standardisation and regulation
    Subtype of data model:
    Information structure (semantic Standard)
    Functional Area:
    Government and the public Sector
    This License for AAPP
    Interoperability level:
    Programming language:
    Operating system:


    The goal is to implement the Regulation (HAT) 2016/679 OF THE EUROPEAN PARLIAMENT AND of the board of 27 April 2016 on the protection of individuals with regard to the treatment of personal data and on the free movement of such data and to the Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD).

    ASSI-RGPD is an application that allows each responsible for processing of personal data the following activities, for each of the treatments of personal data (TDP) of which is responsible:

    • Proporcionar la información necesaria de cada TDP que hay que incluir en el Registro de Actividades de Tratamiento exigido por el Reglamento General de Protección de Datos (RGPD) y en el inventario de tratamientos de la LOPD-GDD.
    • Perform risk analysis of treatment for the rights and freedoms of individuals, and, in its case, the impact assessment of processing operations in the protection of personal data. This will determine the security package of National security Scheme (NHIS), measures ENS Type I or measures ENS Type (II, which intends to apply to securizar the processing of personal data and, in its case, the notice to the maintainer of treatment to perform the impact assessment Widespread for certain treatments of personal data, as established by the AEPD in https :// .
    • Verificar el cumplimiento del resto de aspectos normativos del RGPD y la LOPD-GDD.

    Estas actividades se realizan cumplimentando una serie de cuestionarios por parte de los responsables de TDP para cada uno de los TDPs bajo su responsabilidad.

    It presents a series of reports, documents, etc, with the aim of helping in the fulfilment of the obligations that sets the RGPD and LOPD-GDD.


    21 January 2020

    PRIZE AEPD 2019 Unshade accordion

    The SGTIC of MITRAMISS was awarded for its AEPD in subparagraph of "good practices in privacy and personal data protection on initiatives to adapt to the European regulation of data protection" in the form of public sector entities by the application ASSI-RGPD ( https :// ).

    26 November 2019

    New version of ASSI-RGPD Unshade accordion

    In this new version provides the following improvements/features/…..:

    • Adaptation to the content of the LOPD-GDD published in December last year (minors, administrative and criminal offences, dead, recommendations to those responsible for treatment, responsible for treatment, consent, …)
    • Improvements in the content contained/removable ASSI-RGPD:

         -   Correo Electrónico Institucional de la Unidad para no publicar los correos electrónicos profesionales de los Responsables de Tratamiento).

      - Generation and export of registration of treatment activities (RAT).

         -   Mejor redacción de algunos textos que aparecen en la pestaña Risk analysis and impact assessment (for example: instead of DO the treatment involves making a video surveillance on a large scale? will appear ¿Se realiza una observación sistemática a gran escala de una zona de acceso público (por ejemplo: videovigilancia con detección y reconocimiento automático de la identidad de las personas en una plaza pública)?

      - Extension of the size of text of several fields for the person responsible for processing can properly document (Name of treatment and necessity and proportionality of operations).

           -  Mejora de las ayudas que ofrece la aplicación (contenido que va al RAT, explicación del proceso de cálculo de las Medidas ENS Tipo I y Medidas ENS Tipo II, qué información falta para poder firmar el pdf que recoge para un Tratamiento de Datos Personales toda la información introducida en ASSI-RGPD, etc).

    • New version of the drafts of clauses informative.
    • Mejoras en la generación y extracción de informes (Informe de Tratamientos, Registro de Actividades de Tratamientos, Informe Cualitativo e Informe Cuantitativo).
    • Histórico de eliminaciones y recuperaciones justificadas de tratamientos de datos personales (TDP) junto con la identificación de quiénes lo hicieron y cuándo lo hicieron.
    • From administration management of the implementation of the structure and contents of the library of Responsible aid TDP (files doc with forms, rights of stakeholders, recommendations for the recruitment of responsible for treatment, regulations, etc).
    • Mejoras en el formato del contenido del pdf que se genera.
    • Generation of a warning to the maintainer of treatment for that, in its case, make an impact assessment Widespread concerning certain treatments as established by the AEPD in https ://
    • Updating the User Manual.

    Has been uploaded to the both PAE version 2.1.0 as the upgrade from the previous version (1.1.16) to version 2.1.0


    In this area you can register to receive notification of changes that occur in news, documents or forums associated with the settlement or the active semantic.

    - PAe subscription management

    The fields with an asterisk * are required. It must mark at least one of the subscription rushes (News, documents or forums) and indicate the email in the text field indicated for the high or low of subscription.

    Enter the email with which you want to receive notifications of the solution or the active semantic.


    Enter the email to unsubscribe from the unsubscribe.
General access point
General access point